docker-compose + elasticsearch7.6(配置密码及证书) + kibana7.6 + elasticsearch-head搭建集群

描述

最近研究了一下docker-compose发布elasticsearch7.6,虽然网上有一些教程,但是根据教程操作,最后根本跑不起来或者有三个节点的集群,配置密码后只有一个节点是活的,其他节点无法跟这个节点通信。踩了不少坑,最后还是看官方文档学习。
ES官网docker配置文档
ES官网证书配置文档
如果您只是简单的玩一玩,不需要配置证书、密码,只需参照ES官网docker配置文档即可

制作自定义elasticsearch7.6镜像

ES_Dockerfile配置,包含了ik分词器、生成证书。
ik分词器下载地址
ik下载之后是zip包,需要将zip解压后,压缩成tar.gz格式的

#官方镜像
FROM elasticsearch:7.6.2

USER root
##添加ik分词器
ADD elasticsearch-analysis-ik-7.6.2.tar.gz /usr/share/elasticsearch/plugins/
RUN mv /usr/share/elasticsearch/plugins/elasticsearch-analysis-ik-7.6.2 /usr/share/elasticsearch/plugins/ik
RUN chmod 777 /usr/share/elasticsearch/plugins/ik -R

#生成证书,密码可自己配置
RUN bin/elasticsearch-certutil ca --out config/elastic-stack-ca.p12 --pass 123456

#生成证书,密码可自己配置
RUN bin/elasticsearch-certutil cert --ca config/elastic-stack-ca.p12 --ca-pass 123456 --out config/elastic-certificates.p12 --pass 123456

#创建keystore
RUN bin/elasticsearch-keystore create

#将密码添加至keystore
RUN sh -c '/bin/echo -e "123456" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password'
RUN sh -c '/bin/echo -e "123456" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password'

#文件赋权限
RUN chmod 777 /usr/share/elasticsearch/config/elastic-certificates.p12
RUN chmod 777 /usr/share/elasticsearch/config/elastic-stack-ca.p12

构建镜像
注:centos7docker:443是我自己搭建的harbor镜像仓库,如果您没有镜像仓库您也可以使用阿里云的容器镜像服务。如果您只是在本地做测试,也可以不用镜像仓库。

# docker build -t centos7docker:443/aliang-xyl/elasticsearch:7.6.2 . -f ES_DockerFile

生成的镜像

[root@centos7docker elasticsearch]# docker images | grep '7.6.2'
centos7docker:443/aliang-xyl/elasticsearch        7.6.2                            66d1054960ee        46 minutes ago      820MB
kibana                                            7.6.2                            f70986bc5191        5 months ago        1.01GB
elasticsearch                                     7.6.2                            f29a1ee41030        5 months ago        791MB

推送至镜像仓库

# docker push centos7docker:443/aliang-xyl/elasticsearch:7.6.2

制作自定义elasticsearch-head镜像

如果使用原版elasticsearch-head镜像会出现无法使用的情况,报错如下:

{"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

出现这种错误是因为Content-Type不支持,支持的格式是application/json;charset=UTF-8
启动elasticsearch-head容器,将容器中的/usr/src/app/_site/vendor.js拷贝出来,然后将vendor.js里面的application/x-www-form-urlencoded替换成application/json;charset=UTF-8。
ES_Head_DockerFile配置

#原版镜像
FROM mobz/elasticsearch-head:5

USER root
#删除原本的vendor.js
RUN rm -f /usr/src/app/_site/vendor.js
#将修改后的vendor.js添加进来
ADD vendor.js /usr/src/app/_site/
RUN chmod 777 /usr/src/app/_site/vendor.js

构建镜像

# docker build -t centos7docker:443/aliang-xyl/elasticsearch-head:5 . -f ES_Head_DockerFile

推送镜像

# docker push centos7docker:443/aliang-xyl/elasticsearch-head:5

elasticsearch.yml配置

注意证书的配置要和自定义镜像中的证书信息一致

network.host: 0.0.0.0
#master节点es01
cluster.initial_master_nodes: ["es01"]
discovery.seed_hosts: ["es01","es02","es03"]
cluster.name: "es-docker-cluster"
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#开启kibana监控配置,如果不开启,也可以在kibana监控界面开启
xpack.monitoring.collection.enabled: true
#开启安全认证相关配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.audit.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
#名字要和自定义镜像中的名字一致
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12

kibana.yml配置

这里我事先定义好了账号的密码信息

server.name: kibana
server.host: "0"
kibana.index: ".kibana"
elasticsearch.hosts: [ "http://192.168.147.129:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: zh-CN
elasticsearch.username: 'kibana'
elasticsearch.password: 'Es123456'

docker-compose.yml配置

version: '2.2'
services:
  es01:
    image: centos7docker:443/aliang-xyl/elasticsearch:7.6.2
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - TZ=Asia/Shanghai
      - node.master=true
      - node.data=true
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es01/data:/usr/share/elasticsearch/data
      - ./es01/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    ports:
      - 9200:9200
    networks:
      - elastic

  es02:
    image: centos7docker:443/aliang-xyl/elasticsearch:7.6.2
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - TZ=Asia/Shanghai
      - node.master=true
      - node.data=true
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es02/data:/usr/share/elasticsearch/data
      - ./es02/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    ports:
      - 9202:9200
    networks:
      - elastic

  es03:
    image: centos7docker:443/aliang-xyl/elasticsearch:7.6.2
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - TZ=Asia/Shanghai
      - node.master=true
      - node.data=true
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es03/data:/usr/share/elasticsearch/data
      - ./es03/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    ports:
      - 9203:9200
    networks:
      - elastic

  kibana:
    depends_on: 
      - es01
    image: kibana:7.6.2
    container_name: kibana
    ports:
      - 5601:5601
    environment:
      - elasticsearch.url=http://es01:9200
      - elasticsearch.hosts=http://es01:9200
      - i18n.locale=zh-CN   
      - TZ=Asia/Shanghai
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
      - /etc/localtime:/etc/localtime
    networks:
      - elastic

  eshead:    
    image: centos7docker:443/aliang-xyl/elasticsearch-head:5
    container_name: eshead
    networks:
      - elastic
    ports:
      - 9100:9100

networks:
  elastic:
    driver: bridge

启动容器

创建文件夹并给权限:

# mkdir -p es01/logs es01/data es02/logs es02/data es03/logs es03/data
# chmod 777 es0* -R

此时当前目录下文件:

[root@centos7docker elasticsearch]# ll
总用量 4636
-rw-r--r--. 1 root root    4063 9月   2 10:40 docker-compose.yml
-rw-r--r--. 1 root root 4261000 8月  23 16:36 elasticsearch-analysis-ik-7.6.2.tar.gz
-rwxrwxrwx. 1 root root     770 9月   1 21:03 elasticsearch.yml
drwxrwxrwx. 4 root root      30 9月   1 14:47 es01
drwxrwxrwx. 4 root root      30 9月   1 14:47 es02
drwxrwxrwx. 4 root root      30 9月   1 14:47 es03
-rw-r--r--. 1 root root     925 9月   1 22:24 ES_DockerFile
-rw-r--r--. 1 root root     162 8月  23 17:43 ES_Head_DockerFile
-rwxrwxrwx. 1 root root     261 9月   1 15:21 kibana.yml
-rw-r--r--. 1 root root  459899 8月  23 17:41 vendor.js

启动

# docker-compose -f docker-compose.yml up -d
Creating es01 ... done
Creating kibana ... done
Creating eshead ... 
Creating es03 ... 
Creating es01 ... 
Creating kibana ... 
[root@centos7docker elasticsearch]# docker-compose ps
 Name               Command               State                Ports              
----------------------------------------------------------------------------------
es01     /usr/local/bin/docker-entr ...   Up      0.0.0.0:9200->9200/tcp, 9300/tcp
es02     /usr/local/bin/docker-entr ...   Up      0.0.0.0:9202->9200/tcp, 9300/tcp
es03     /usr/local/bin/docker-entr ...   Up      0.0.0.0:9203->9200/tcp, 9300/tcp
eshead   /bin/sh -c grunt server          Up      0.0.0.0:9100->9100/tcp          
kibana   /usr/local/bin/dumb-init - ...   Up      0.0.0.0:5601->5601/tcp

配置密码

进入master节点容器配置密码

[root@centos7docker elasticsearch]# docker exec -it es01 /bin/bash
[root@2e2238365006 elasticsearch]# ./bin/elasticsearch-setup-passwords interactive --verbose
Running with configuration path: /usr/share/elasticsearch/config

Testing if bootstrap password is valid for http://172.20.0.3:9200/_security/_authenticate?pretty
{
  "username" : "elastic",
  "roles" : [
    "superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "reserved",
    "type" : "reserved"
  },
  "lookup_realm" : {
    "name" : "reserved",
    "type" : "reserved"
  }
}


Checking cluster health: http://172.20.0.3:9200/_cluster/health?pretty
{
  "cluster_name" : "es-docker-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 

Trying user password change call http://172.20.0.3:9200/_security/user/apm_system/_password?pretty
{ }

Changed password for user [apm_system]

Trying user password change call http://172.20.0.3:9200/_security/user/kibana/_password?pretty
{ }

Changed password for user [kibana]

Trying user password change call http://172.20.0.3:9200/_security/user/logstash_system/_password?pretty
{ }

Changed password for user [logstash_system]

Trying user password change call http://172.20.0.3:9200/_security/user/beats_system/_password?pretty
{ }

Changed password for user [beats_system]

Trying user password change call http://172.20.0.3:9200/_security/user/remote_monitoring_user/_password?pretty
{ }

Changed password for user [remote_monitoring_user]

Trying user password change call http://172.20.0.3:9200/_security/user/elastic/_password?pretty
{ }

Changed password for user [elastic]

登陆 kibana 和 elasticsearch-head

浏览器访问:http://centos7docker:5601/
我的谷歌浏览器访问时,登陆成功但是无法跳转至首页,一直在登陆页。
在这里插入图片描述
谷歌浏览器无法登陆kibana,具体原因没有去查,直接使用了火狐浏览器。
在这里插入图片描述
登陆成功后进入监控界面:
在这里插入图片描述
在这里插入图片描述
elasticsearch-head界面
访问http://centos7docker:9100/?auth_user=elastic&auth_password=Es123456
这里的centos7docker:9100换成你自己的ip和端口号即可
在这里插入图片描述

相关推荐

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
©️2022 CSDN 皮肤主题:大白 设计师:CSDN官方博客 返回首页
评论

打赏作者

阿良~

你的鼓励将是我创作的最大动力

¥2 ¥4 ¥6 ¥10 ¥20
输入1-500的整数
余额支付 (余额:-- )
扫码支付
扫码支付:¥2
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值